hounam-submit-form-backend/seeders/rbac.seed.ts

import { sequelize } from "../src/models";
import { Permission } from "../src/models/Permission";
import { Role } from "../src/models/Role";


export async function seedRBAC() {
  const transaction = await sequelize.transaction();

  try {

    /**
     * PERMISSIONS
     */

    const permissionsList = [
      "VIEW_APPLICANTS",
      "CREATE_APPLICANT",
      "EDIT_APPLICANT",
      "DELETE_APPLICANT",

      "EXPORT_APPLICANTS",

      "VIEW_USERS",
      "CREATE_USER",
      "EDIT_USER",
      "DELETE_USER",

      "VIEW_ROLES",
      "MANAGE_ROLES",

      "SYSTEM_SETTINGS"
    ];

    const permissions: any = {};

    for (const perm of permissionsList) {
      const [permission] = await Permission.findOrCreate({
        where: { name: perm },
        defaults: { name: perm },
        transaction
      });

      permissions[perm] = permission;
    }

    /**
     * ROLES
     */

    const rolesData = [
      {
        name: "SUPER_ADMIN",
        description: "دسترسی کامل به کل سیستم"
      },
      {
        name: "ADMIN",
        description: "مدیریت کاربران و رزومه‌ها"
      },
      {
        name: "HR",
        description: "کارشناس منابع انسانی"
      },
      {
        name: "VIEWER",
        description: "فقط مشاهده رزومه‌ها"
      }
    ];

    const roles: any = {};

    for (const roleData of rolesData) {
      const [role] = await Role.findOrCreate({
        where: { name: roleData.name },
        defaults: roleData,
        transaction
      });

      roles[roleData.name] = role;
    }

    /**
     * ROLE PERMISSIONS
     */

    await roles.SUPER_ADMIN.setPermissions(Object.values(permissions), {
      transaction
    });

    await roles.ADMIN.setPermissions(
      [
        permissions.VIEW_APPLICANTS,
        permissions.CREATE_APPLICANT,
        permissions.EDIT_APPLICANT,
        permissions.DELETE_APPLICANT,
        permissions.EXPORT_APPLICANTS,

        permissions.VIEW_USERS,
        permissions.CREATE_USER,
        permissions.EDIT_USER,

        permissions.VIEW_ROLES
      ],
      { transaction }
    );

    await roles.HR.setPermissions(
      [
        permissions.VIEW_APPLICANTS,
        permissions.CREATE_APPLICANT,
        permissions.EDIT_APPLICANT,
        permissions.EXPORT_APPLICANTS
      ],
      { transaction }
    );

    await roles.VIEWER.setPermissions(
      [
        permissions.VIEW_APPLICANTS
      ],
      { transaction }
    );

    await transaction.commit();

    console.log("✅ RBAC seed completed");

  } catch (error) {

    await transaction.rollback();

    console.error("❌ RBAC seed failed:", error);

    throw error;
  }
}